Question regarding shell user creation at login time
Dan Nelson
dnelson at allantgroup.com
Sun Mar 28 23:19:01 PST 2004
In the last episode (Mar 28), Sean Kelly said:
> On Mon, Mar 29, 2004 at 11:05:55AM +0900, Ganbold wrote:
> > 10198 new CALL setuid(0)
> > 10198 new RET setuid -1 errno 1 Operation not permitted
>
> Your attempt to setuid(0) failed.
>
> > 10198 new CALL execve(0x80485d0,0xbfbfed8c,0xbfbfed94)
> > 10198 new NAMI "/home/new/new.pl"
> > 10198 new RET execve -1 errno 13 Permission denied
>
> Your attempt to run that perl script failed.
>
> > -rwsr-x--- 1 root new 4651 Mar 26 08:47 new
> > ---------- 1 root wheel 94 Mar 26 08:47 new.c
> > -r-x------ 1 root wheel 15430 Mar 25 15:16 new.pl
>
> Well, since your attempt to setuid(0) failed, `new.pl` is not being
> execve()'d as root. Therefore, the permissions on the `new.pl` file are
> such that it can't be read or executed by the user/process.
Ah, but if he is in fact running /home/new/new, which is setuid root,
then the setuid(0) call (redundant) should have worked, and so should
the exec.
Ganbold: if you run /home/new/new as an ordinary user, does it work? I
can't think of how ssh would be nullifying the setuid bit on that
binary, but you never know.
--
Dan Nelson
dnelson at allantgroup.com
More information about the freebsd-hackers
mailing list